John Eidar Simensen of Institute for Energy Technology offered a methodology using Baysian Belief Networks for estimating the complexity of critical instrumentation and control systems. This is an ongoing project which may provide the first real metrics for complexity after years of trying.
Johan Akerberg of ABB showed a potential hack of ProfiSAFE, noting that although ProfiSAFE has been rated for SIL 3, it was not intended to be safe from cyber attack. The hack is a potential vulnerability, and Akerberg said he did not know of any actual exploits against this vulnerability, but it is a fairly easy brute force accessible vulnerability. Therefore, he recommends the use of _security modules_ between the Profibus I/O and the ProfiSAFE network.
Geraldine Vache Of CNRS-LAAS discussed an environmental characterization and system modeling approach to the quantitive evaluation of security. She discussed the system environment, including vulnerabilities (2 categories: design/development and configuration/use), attackers and the system administrator... She discussed what she called the vulnerability life cycle: discovery, disclosure, patch disclosure. She described the modeling formalism she used in her study: SAN. She made two models corresponding to two scenarios of discovery, and she showed slides showing the states of the models. Then she discussed the validation scenario for her models. They did simulation using read data...the Slammer worm. The model was characterized using mean time to patch application when the system is in states: vulnerable, exploitable, compromised... She presented data on the impact of the vulnerability on the administrator's behavior.
Carlos Bilich and Zaijun Hu from ABB discussed the trials and tribulations of creating a Functional Safety Management structure for all business units and the establishment of a safety lifecycle model across a huge global enterprise, and actually getting it to the point that the business units believe in it and will use it. In two separate papers, first Bilich and then Hu, detailed the way they have designed the FSM structure and the safety lifecycle model for ABB.
In the final paper of the day, Michaela Huhn from TU Braunschweig discussed analyzing safety case arguments in a structured logical analysis method. She showed how to deconstruct a safety case to determine how effective the argument is.
